You should have sent this to security@cpanel.net if it is real and you are working on it with servermatrix already, you know how to carry out this exploit, so let cpanel know, but don't post it within this forum, till its fixed, if it is real.